F5 Silverline
Web Application Firewall
DATASHEET
Whats Inside
2 Drive Efficiencies with a
Comprehensive Web
Application Firewall Service
2 Receive Expert Policy Building
and Monitoring
3 Hybrid Policy Management
and Deployment
3 Defend with Proven Security
Effectiveness
3 Comprehensive Attack
Protection
4 Built-In Compliance and
Reporting Capabilities
4 Gain Attack Insights and
Intelligence
5 Comprehensive Managed
Service App Protection
6 Streamlined Self-Service App
Protection
6 The Silverline Cloud-Based
Platform
7 Flexible Licensing
7 Add-On Threat Intelligence
Services
7 F5 Security Operations Center
7 More Information
Get Expert Service to Protect Web
Applications and Achieve Compliance
Organizations that move application workloads to the cloud face challenges protecting
enterprise data. As security attacks across traditional and cloud environments become
more sophisticated, in-house security teams often struggle to stay up to date on the
latest attacks and protection measures, and deliver consistent policies and compliance
across environments. A lack of consistency can result in security vulnerabilities, higher
expenses, and a slower response to threats and compliance issues.
F5 Silverline Web Application Firewall is a cloud-based service with 24x7x365
support from highly specialized security experts. It helps organizations protect web
applications and data, and enable compliance with industry security standards, such as
PCI DSS. Silverline Web Application Firewall is available as a fully managed service for
comprehensive and customized app protection, or as an express self-service for rapid
deployment of expertly maintained policies.
Managed service key benefits
Ensure application security and Defend with proven security effectiveness
compliance Leverage security efficacy with technology built
Get comprehensive protection from advanced on the NSS Labsrecommended F5 BIG-IP
layer 7 attacks, OWASP Top Ten application Application Security Manager (ASM), based
security risks, and zero-day attacksand enable on tests that demonstrate 99.89 percent overall
compliance with key regulatory mandates. security effectiveness.
Get 24x7x365 expert service Drive operational and cost efficiencies
Receive 24x7x365 access to web application Remove the complexity of WAF management,
firewall (WAF) experts who build, proactively increase the speed to deploy new policies, and
monitor, and fine-tune WAF policies against decrease operational expenses.
known and emerging threats.
Gain attack insights and intelligence
Deploy flexibly across hybrid Access reports through the cloud-based customer
environments portal and incorporate external intelligence for
Ensure consistent web application security, securing apps against identified threats.
availability, and user experiences across
traditional and cloud data centers.
DATASHEET
Silverline Web Application Firewall

Drive Efficiencies with a Comprehensive Web Application

Firewall Service
The growth of cloud-hosted web applications has been accompanied by increasingly
sophisticated security attacks and risks that threaten enterprise data. As a result,
administrators and security teams face challenges keeping up to date on the latest
attacks and protection measures. At the same time, they must meet the stringent
compliance requirements for online commerce and data sharing across traditional and
cloud environments.

Organizations must choose between employing specialized IT security teams in-house

resulting in higher expenses and increased time to deploy policiesor delegating the
complex WAF policy management and compliance to a cloud service to drive efficiencies.

The Silverline Web Application Firewall managed service delivers comprehensive,

efficient layer 7 protection and compliance for enterprise data and web applications across
all environments. The service also includes expert support from highly specialized security
experts who remove the complexity of WAF policy management, increase the speed to
F5 Silverline Web Application Firewall Services
deploy new policies, and free up internal IT resources and budget for other projects.
Cloud

PCI DSS Compliant Web

Application Firewall Service

WAF Third-Party Vulnerability

Assessment Tools Cloud Data Center
Attacker

F5 Silverline
Platform Apps SaaS
User

L7 Protection:
Geolocation attack protection, DDoS, SQL injection,
OWASP Top Ten attacks, zero-day threats, AJAX
applications, JSON payloads

On-Premises Data Center

PCI DSS Compliant

Web Application Firewall
Third-Party Vulnerability
ASM Assessment Tools

Apps WAF Silverline Web Application Firewall

Third-Party F5 VIPRION ASM BIG-IP Application Security Manager
Server
VE Virtual Editions

Figure 1: The Silverline Web Application Firewall service protects web applications no matter where
the app is hostedin the private cloud, the public cloud, or a physical data center.

Receive Expert Policy Building and Monitoring

Websites are diverse, complex, and constantly changingrequiring policies with hundreds
if not thousands of clear and precise rules. The Silverline Web Application Firewall managed
service includes the highest level of service in the industry with F5 Security Operations Center
(SOC) experts who manage policy changes while balancing the strictest security controls with
legitimate user access.

Unlike other WAF service vendors that provide self-service capabilities and expect the
customers to handle most of the configurations and policy management, the F5 SOC experts
are available 24 hours a day, 7 days a week, 365 days a year. These experts build, monitor,
and fine-tune policies to protect web applications and data from new and emerging threats.

2
DATASHEET
Silverline Web Application Firewall

Expert policy creation

SOC experts with the managed service are available to work with customers to rapidly
deploy policies and create more advanced policies based on heuristic learning and specific
application-security needs. Policies can be created to work in conjunction with existing
BIG-IP ASM configurations.

Expert policy staging

The managed service SOC experts work to reduce false positives by staging and testing
policies in a live environment using attack signatures, file types, URLs, and other parameters.
These tests determine if changes are needed before a policy is enforced, without reducing
current protection levels. Policies are redesigned and retested until they are ready for
live implementation.

Hybrid Policy Management and Deployment

Silverline Web Application Firewall managed service and express self-service options
provide a simplified approach to deploying policies across traditional and cloud
environments. With a centralized deployment of WAF policies from the Silverline cloud-
based platform, organizations can reduce IT overhead, minimize configuration errors,
and ensure the overall effectiveness of each policy to protect web applications no matter
where they reside in the network.

Defend with Proven Security Effectiveness

Silverline Web Application Firewall managed and express services are built on BIG-IP ASM,
which is recognized as the most scalable WAF on the market. NSS Labs recommends
BIG-IP ASM based on tests that demonstrate 99.89 percent overall security effectiveness
with minimal false positives (0.124 percent) as compared with competitors. To learn more,
read the product analysis report.

Comprehensive Attack Protection

The Silverline Web Application Firewall managed service provides comprehensive
geolocation attack protection from layer 7 distributed denial-of-service (DDoS),
SQL injection, OWASP Top Ten application security risks, cross-site scripting (XSS),
and zero-day web application attacks. It prevents execution of fraudulent transactions,
stops in-browser session hijacking, and secures AJAX applications and JSON payloads.
The service also delivers proactive bot defense capabilities that provide always-on
protectionpreventing automated layer 7 DoS attacks, web scraping, and brute force
attacks. The Silverline Web Application Firewall managed service provides live updates
for attack signatures to ensure up-to-date protection, geolocation-based blocking, and an
integrated XML firewall.

3
DATASHEET
Silverline Web Application Firewall

Built-In Compliance and Reporting Capabilities

Advanced, built-in security protection and remote auditing help organizations comply with
industry security standards, including the Payment Card Industry Data Security Standard
(PCI DSS), HIPAA, Basel II, and SOXcost effectively and without multiple appliances,
application changes, or rewrites. The Silverline Web Application Firewall managed and
express service options report previously unknown threats, such as SQL injection and XSS
attacks, and mitigate web application threats to shield the organization from data breaches.

Gain Attack Insights and Intelligence

The Silverline Web Application Firewall service includes access to the Silverline customer
web portalenabling administrators to securely communicate with managed service SOC
experts and view centralized threat-monitoring reports. The customer portal provides
managed service and express service administrators with immediate attack details and
enhanced visibility into the mitigation techniques used to detect and prevent the application
attack. Details include source geo-IP mapping, blocked vs. alerted attacks, blocked traffic,
blocked attack types, alerted attack types, threats, bandwidth used, hits/sec, and the type
of traffic and visits (bots v. humans).

Figure 2: The Silverline customer web portal provides immediate attack details and analysis.

Integration for agility and adaptability

The ability to respond to frequent changes in attack methods is a key component of web
application security. By integrating with third-party products, the Silverline Web Application
Firewall managed service provides a dynamic and adaptable security solution. Data can be
uploaded from WhiteHat Sentinel, IBM Rational AppScan, HP WebInspect, and QualysGuard
Web Application Scanning products. These products offer vulnerability assessment, auditing,
and real-time database reporting to provide security breach reviews, attack prevention,
and compliance.

4
DATASHEET
Silverline Web Application Firewall

However, vulnerability management can drain your security team productivity. Scans take
too long, vulnerabilities detected are difficult to prioritize, and new threat signatures are
often not updated. This wont be an issue when you gain continuous visibility with
Silverline expertise. The managed service SOC experts enable VA/DAST app management
by scanning your apps, identifying vulnerabilities, and configuring policies for patching that
blocks web app attacks. Your apps are protected by SOC experts who review the scans
to implement the best protection profile. Youll receive notification of changes,
reporting, and analytics.

Comprehensive Managed Service App Protection

The Silverline Web Application Firewall managed service protects applications from OWASP
Top Ten and zero-day threats.
Managed service attack protections include: Security Operations Center
managed services include:
OWASP Top Ten attacks
Layer 7 DoS and DDoS Expert policy setup

Brute force Policy fine-tuning

Parameter and HPP tampering Policy staging

Sensitive information leakage Proactive alert monitoring

Buffer overflows False positives tuning

Cookie manipulation Detection tuning

Various encoding attacks Whitelist/Blacklist configuration

Forceful browsing Additional managed security features:

Hidden fields manipulation RFC compliance
Request smuggling Bot protection
XML bombs/DoS Vulnerability scan import from third-party
Web scraping DAST providers
Reverse engineering Web scraping prevention
Application tampering Geolocation-based blocking
Zero-day web application attacks
AJAX/JSON web threats

5
DATASHEET
Silverline Web Application Firewall

Streamlined Self-Service App Protection

In addition to a managed service, Silverline Web Application Firewall is available in an
express self-service WAF for streamlined app protection. With a few key configuration steps
in the Silverline Customer Portal, you can engage expertly maintained policies for rapid
deployment, monitoring, and app attack mitigation anywhere.

Express self-service capabilities provide IT professionals with:

OWASP attack protections (e.g., XSS, CSRF,
SQL injection, encoding)
Automated bot protection
Application and parameter/HPP tampering
protection
Expertly maintained app attack policies
IP whitelisting/blacklisting
SSL offload, certificates/keys, and stats
Violation summaries and web traffic stats
PCI-DSS and RFC compliance
Self-service, portal-based policy deployment
24x7 email and phone portal support
Per fully qualified domain name (FQDN) policies
one WAF policy for each FQDN
5 FQDNs and 50 Mbps bandwidth initiallyscale
on demand for greater coverage
Load balancing apps
Provisioning via the customer portal

Express service key benefits:

Deploy rapidly across cloud and on-premises Defend attacks with robust effectiveness
environments Gain attack insights and intelligence
Ensure app security anywhere Drive efficiencies and reduce complexity

Figure 3. Easily configure domains, choose application stacks, and load SSL certificates for rapid app
protection with the Silverline Web Application Firewall express service option.

The Silverline Cloud-Based Platform

Silverline is F5s cloud-based application services platform. Its services can be deployed
on-demand to achieve seamless scalability, security, and performance for applications
in traditional and cloud environments. By combining F5 on-premises application services
with Silverline cloud-based services, organizations can achieve faster response times,
unparalleled visibility and reporting, and cost efficiencies.

6
 7

DATASHEET
Silverline Web Application Firewall

Flexible Licensing

Silverline Web Application Firewallmanaged and express services

Available in 1-year and 3-year subscriptions, F5 offers Silverline
Web Application Firewall based on the number of FQDNs protected and
monthly bandwidth required.

Add-On Threat Intelligence Services

F5 offers Silverline Threat Intelligence for additional detection and blocking of IPs known
to support malicious traffic. This service reduces unwanted attack communications on
your network and helps you avoid further mitigation requirements. Emerging threats are
continuously captured and published, while IP addresses that are no longer malicious are
removed from the threat data. Silverline Threat Intelligence enhances Silverline DDoS
Protection (in proxy mode) or Silverline Web Application Firewall services while allowing
access to legitimate IP addresses.

F5 Security Operations Center

The F5 Security Operations Center offers world-class support and guidance to help you get
the most from your F5 Silverline investment. Whether its providing fast answers to questions,
guidance on your security questions, or assisting with modifications to your implementation,
the F5 SOC can help ensure your applications are always secure, fast, and reliable. For more
information about the SOC, visit f5.com/soc.

More Information
To learn more about Silverline Web Application Firewall, visit f5.com to find these and
other resources.

Silverline
Silverline Web Application Firewall
Silverline platform
Silverline DDoS Protection

Reports
Gartner Web Application Firewall Magic Quadrant 2016
2016 NSS Web Application Firewall Product Analysis for BIG-IP ASM

Awards
Best Web App Solution

F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 f5.com

Americas Asia-Pacific Europe/Middle East/Africa Japan

info@f5.com apacinfo@f5.com emeainfo@f5.com f5j-info@f5.com

2016 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com.
Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5. DC1216 | DS-SILVERLINE-WAF-114880188